| Vitaly Buka | 9ba72a8 | 2015-08-06 17:36:17 -0700 | [diff] [blame] | 1 | // Copyright 2011 The Chromium OS Authors. All rights reserved. |
| Vitaly Buka | 6ca6a23 | 2015-08-06 17:32:43 -0700 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| Vitaly Buka | 9e5b683 | 2015-10-14 15:57:14 -0700 | [diff] [blame] | 5 | #include "third_party/chromium/crypto/p224_spake.h" |
| Vitaly Buka | 6ca6a23 | 2015-08-06 17:32:43 -0700 | [diff] [blame] | 6 | |
| 7 | #include <string> |
| 8 | |
| Vitaly Buka | 9ba72a8 | 2015-08-06 17:36:17 -0700 | [diff] [blame] | 9 | #include <base/logging.h> |
| 10 | #include <base/strings/string_number_conversions.h> |
| 11 | #include <gtest/gtest.h> |
| Vitaly Buka | 6ca6a23 | 2015-08-06 17:32:43 -0700 | [diff] [blame] | 12 | |
| 13 | namespace crypto { |
| 14 | |
| 15 | namespace { |
| 16 | |
| 17 | std::string HexEncodeString(const std::string& binary_data) { |
| 18 | return base::HexEncode(binary_data.c_str(), binary_data.size()); |
| 19 | } |
| 20 | |
| 21 | bool RunExchange(P224EncryptedKeyExchange* client, |
| 22 | P224EncryptedKeyExchange* server, |
| 23 | bool is_password_same) { |
| 24 | for (;;) { |
| 25 | std::string client_message, server_message; |
| 26 | client_message = client->GetNextMessage(); |
| 27 | server_message = server->GetNextMessage(); |
| 28 | |
| 29 | P224EncryptedKeyExchange::Result client_result, server_result; |
| 30 | client_result = client->ProcessMessage(server_message); |
| 31 | server_result = server->ProcessMessage(client_message); |
| 32 | |
| 33 | // Check that we never hit the case where only one succeeds. |
| 34 | EXPECT_EQ(client_result == P224EncryptedKeyExchange::kResultSuccess, |
| 35 | server_result == P224EncryptedKeyExchange::kResultSuccess); |
| 36 | |
| 37 | if (client_result == P224EncryptedKeyExchange::kResultFailed || |
| 38 | server_result == P224EncryptedKeyExchange::kResultFailed) { |
| 39 | return false; |
| 40 | } |
| 41 | |
| 42 | EXPECT_EQ(is_password_same, |
| 43 | client->GetUnverifiedKey() == server->GetUnverifiedKey()); |
| 44 | |
| 45 | if (client_result == P224EncryptedKeyExchange::kResultSuccess && |
| 46 | server_result == P224EncryptedKeyExchange::kResultSuccess) { |
| 47 | return true; |
| 48 | } |
| 49 | |
| 50 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, client_result); |
| 51 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, server_result); |
| 52 | } |
| 53 | } |
| 54 | |
| 55 | const char kPassword[] = "foo"; |
| 56 | |
| 57 | } // namespace |
| 58 | |
| 59 | TEST(MutualAuth, CorrectAuth) { |
| 60 | P224EncryptedKeyExchange client( |
| 61 | P224EncryptedKeyExchange::kPeerTypeClient, kPassword); |
| 62 | P224EncryptedKeyExchange server( |
| 63 | P224EncryptedKeyExchange::kPeerTypeServer, kPassword); |
| 64 | |
| 65 | EXPECT_TRUE(RunExchange(&client, &server, true)); |
| 66 | EXPECT_EQ(client.GetKey(), server.GetKey()); |
| 67 | } |
| 68 | |
| 69 | TEST(MutualAuth, IncorrectPassword) { |
| 70 | P224EncryptedKeyExchange client( |
| 71 | P224EncryptedKeyExchange::kPeerTypeClient, |
| 72 | kPassword); |
| 73 | P224EncryptedKeyExchange server( |
| 74 | P224EncryptedKeyExchange::kPeerTypeServer, |
| 75 | "wrongpassword"); |
| 76 | |
| 77 | EXPECT_FALSE(RunExchange(&client, &server, false)); |
| 78 | } |
| 79 | |
| 80 | TEST(MutualAuth, ExpectedValues) { |
| 81 | P224EncryptedKeyExchange client(P224EncryptedKeyExchange::kPeerTypeClient, |
| 82 | kPassword); |
| 83 | client.SetXForTesting("Client x"); |
| 84 | P224EncryptedKeyExchange server(P224EncryptedKeyExchange::kPeerTypeServer, |
| 85 | kPassword); |
| 86 | server.SetXForTesting("Server x"); |
| 87 | |
| 88 | std::string client_message = client.GetNextMessage(); |
| 89 | EXPECT_EQ( |
| 90 | "3508EF7DECC8AB9F9C439FBB0154288BBECC0A82E8448F4CF29554EB" |
| 91 | "BE9D486686226255EAD1D077C635B1A41F46AC91D7F7F32CED9EC3E0", |
| 92 | HexEncodeString(client_message)); |
| 93 | |
| 94 | std::string server_message = server.GetNextMessage(); |
| 95 | EXPECT_EQ( |
| 96 | "A3088C18B75D2C2B107105661AEC85424777475EB29F1DDFB8C14AFB" |
| 97 | "F1603D0DF38413A00F420ACF2059E7997C935F5A957A193D09A2B584", |
| 98 | HexEncodeString(server_message)); |
| 99 | |
| 100 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 101 | client.ProcessMessage(server_message)); |
| 102 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 103 | server.ProcessMessage(client_message)); |
| 104 | |
| 105 | EXPECT_EQ(client.GetUnverifiedKey(), server.GetUnverifiedKey()); |
| 106 | // Must stay the same. External implementations should be able to pair with. |
| 107 | EXPECT_EQ( |
| 108 | "CE7CCFC435CDA4F01EC8826788B1F8B82EF7D550A34696B371096E64" |
| 109 | "C487D4FE193F7D1A6FF6820BC7F807796BA3889E8F999BBDEFC32FFA", |
| 110 | HexEncodeString(server.GetUnverifiedKey())); |
| 111 | |
| 112 | EXPECT_TRUE(RunExchange(&client, &server, true)); |
| 113 | EXPECT_EQ(client.GetKey(), server.GetKey()); |
| 114 | } |
| 115 | |
| 116 | TEST(MutualAuth, Fuzz) { |
| 117 | static const unsigned kIterations = 40; |
| 118 | |
| 119 | for (unsigned i = 0; i < kIterations; i++) { |
| 120 | P224EncryptedKeyExchange client( |
| 121 | P224EncryptedKeyExchange::kPeerTypeClient, kPassword); |
| 122 | P224EncryptedKeyExchange server( |
| 123 | P224EncryptedKeyExchange::kPeerTypeServer, kPassword); |
| 124 | |
| 125 | // We'll only be testing small values of i, but we don't want that to bias |
| 126 | // the test coverage. So we disperse the value of i by multiplying by the |
| 127 | // FNV, 32-bit prime, producing a poor-man's PRNG. |
| 128 | const uint32 rand = i * 16777619; |
| 129 | |
| 130 | for (unsigned round = 0;; round++) { |
| 131 | std::string client_message, server_message; |
| 132 | client_message = client.GetNextMessage(); |
| 133 | server_message = server.GetNextMessage(); |
| 134 | |
| 135 | if ((rand & 1) == round) { |
| 136 | const bool server_or_client = rand & 2; |
| 137 | std::string* m = server_or_client ? &server_message : &client_message; |
| 138 | if (rand & 4) { |
| 139 | // Truncate |
| 140 | *m = m->substr(0, (i >> 3) % m->size()); |
| 141 | } else { |
| 142 | // Corrupt |
| 143 | const size_t bits = m->size() * 8; |
| 144 | const size_t bit_to_corrupt = (rand >> 3) % bits; |
| 145 | const_cast<char*>(m->data())[bit_to_corrupt / 8] ^= |
| 146 | 1 << (bit_to_corrupt % 8); |
| 147 | } |
| 148 | } |
| 149 | |
| 150 | P224EncryptedKeyExchange::Result client_result, server_result; |
| 151 | client_result = client.ProcessMessage(server_message); |
| 152 | server_result = server.ProcessMessage(client_message); |
| 153 | |
| 154 | // If we have corrupted anything, we expect the authentication to fail, |
| 155 | // although one side can succeed if we happen to corrupt the second round |
| 156 | // message to the other. |
| 157 | ASSERT_FALSE( |
| 158 | client_result == P224EncryptedKeyExchange::kResultSuccess && |
| 159 | server_result == P224EncryptedKeyExchange::kResultSuccess); |
| 160 | |
| 161 | if (client_result == P224EncryptedKeyExchange::kResultFailed || |
| 162 | server_result == P224EncryptedKeyExchange::kResultFailed) { |
| 163 | break; |
| 164 | } |
| 165 | |
| 166 | ASSERT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 167 | client_result); |
| 168 | ASSERT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 169 | server_result); |
| 170 | } |
| 171 | } |
| 172 | } |
| 173 | |
| 174 | } // namespace crypto |
